MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c271029ec6c89c9b40faa58b22c87be0bf41a4f63b8d2f57f088351186b3ad29. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AgentTesla


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c271029ec6c89c9b40faa58b22c87be0bf41a4f63b8d2f57f088351186b3ad29
SHA3-384 hash: e6eea6abcb2bdeb95eaf8c3b4e46435b7dd359fb20f5eaa4d657cfadbf4854308581fdab04f7d270ac7ff49d9473f6b4
SHA1 hash: bd5553d011b6cc6aea7ea496b81d99730d0f5617
MD5 hash: b97cab5957eb3b62816a5bc1f90318cf
humanhash: chicken-uncle-illinois-victor
File name:order 1.exe
Download: download sample
Signature AgentTesla
Create hunting rule
File size:588'800 bytes
First seen:2021-04-16 12:55:40 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'744 x AgentTesla, 19'609 x Formbook, 12'242 x SnakeKeylogger)
ssdeep 12288:q64BWl84ZbdoGpoSu6oAtEwwOdZPGB9jg1:H42zZr2moAaOai
Threatray 3 similar samples on MalwareBazaar
TLSH 85C4AE906A9CFB52E46E17F2886055310736AD13D326E76F9CCC79EE1A70B82F84D253
Reporter James_inthe_box
Tags:AgentTesla exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
93
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
order 1.exe
Verdict:
Suspicious activity
Analysis date:
2021-04-16 13:02:31 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/5611a4ff-3bb6-4c0c-9775-ce810b31b947

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/136125/
Detection(s):
SecuriteInfo.com.Trojan.PackedNET.658-1.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Launching the default Windows debugger (dwwin.exe)
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
AgentTesla
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/680781
Signature
Initial sample is a PE file and has a suspicious name
Multi AV Scanner detection for submitted file
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected AgentTesla
Yara detected AntiVM3
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c271029ec6c89c9b40faa58b22c87be0bf41a4f63b8d2f57f088351186b3ad29/
Threat name:
ByteCode-MSIL.Trojan.Taskun
Create hunting rule
Status:
Malicious
First seen:
2021-04-16 12:55:29 UTC
File Type:
PE (.Net Exe)
Extracted files:
14
AV detection:
15 of 47 (31.91%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
29ebec67d2006c81333565581d8c2b123a3fbeee5123180b25feccb3b02f838e
AgentTesla
790b008421852f555794a5e59c91f894993dcac641104ca06087bda8c1b5ea50
AgentTesla
b3f925eaeb399bbeeaa770c062fb8696fb70c93837b1ba33ef892c507f14cba0
AgentTesla
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/210416-sw5aps3lkj/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SH256 hash:
d1a39a3d702b0c5221f357b543a0d4cc9d39205fe022458379840d75ee84a1e2
MD5 hash:
c1b2210820e2339a9892c24e89c72a0f
SHA1 hash:
49a3aabbe298f289cfabde27d4bf1ce5521f12ce
Link:
https://www.unpac.me/results/b9ef319e-ce27-484a-8a9c-2d52c08edb81/
SH256 hash:
fdccaed76f7279e6b8cc1579dadeed03fa1b8d1adcdfbcac585a68da168366d5
MD5 hash:
8b603b23caf00139206f293eb741a9f0
SHA1 hash:
1cc90aec7ce07b13930fe0c088fe3cd155b3ea07
Link:
https://www.unpac.me/results/b9ef319e-ce27-484a-8a9c-2d52c08edb81/
SH256 hash:
b3cb8a74b1a204ed9df89a0ed0c15223035c614e40b84aea383d54b65119ab45
MD5 hash:
6aaa1c8509e6108c540ae1eadc033dbc
SHA1 hash:
169701c3f56e44c965534a8525c0eb37d4d4dd55
Link:
https://www.unpac.me/results/b9ef319e-ce27-484a-8a9c-2d52c08edb81/
SH256 hash:
c271029ec6c89c9b40faa58b22c87be0bf41a4f63b8d2f57f088351186b3ad29
MD5 hash:
b97cab5957eb3b62816a5bc1f90318cf
SHA1 hash:
bd5553d011b6cc6aea7ea496b81d99730d0f5617
Link:
https://www.unpac.me/results/b9ef319e-ce27-484a-8a9c-2d52c08edb81/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.54
Link:
https://yomi.yoroi.company/submissions/c271029ec6c89c9b40faa58b22c87be0bf41a4f63b8d2f57f088351186b3ad29

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
Cape
Cape
https://www.capesandbox.com/analysis/136125/

Comments